First published: Sat Apr 20 2019(Updated: )
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaArea MediaInfo | =18.12 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
debian/libmediainfo | 20.09+dfsg-2 23.04+dfsg-1 24.06+dfsg-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-11372 is medium with a severity value of 6.5.
CVE-2019-11372 leads to an out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib.
The versions affected by CVE-2019-11372 are 18.12-2, 20.09+dfsg-2, 23.04+dfsg-1, and 23.10+dfsg-1.
To fix CVE-2019-11372 on Ubuntu, update the libmediainfo package to version 17.12-1ubuntu0.1, 18.03.1-1ubuntu0.1, or 18.12-1ubuntu0.1, depending on the release version.
More information about CVE-2019-11372 can be found at the following references: [link1], [link2], [link3].